Programmatic Security

Programmatic security involves an
EJB component or servlet using method calls to the security API, as
specified by the Java EE security model, to make business logic decisions
based on the caller or remote user’s security role. Programmatic
security should only be used when declarative security alone is insufficient
to meet the application’s security model.

The Java EE specification defines
programmatic security as consisting of two methods of the EJB EJBContext interface and two methods of the servlet HttpServletRequest interface. The GlassFish Server supports
these interfaces as specified in the specification.